Routing issue: SVI vs Firewall interface
Greetings
I have several switches interconnected in my network and multiple VLANs configured with SVI assigned to each. InterVLAN routing works just fine. The switchport connected to corporate firewall is the first port on the main switch (interface GigabitEthernet1/0/1 I recon).
The firewall is VLAN unaware and it is managed by third party; I do not have access to it. The firewall is configured to route below two ranges only, and that is fine:
155.111.215.254/25 (servers)
10.15.245.254/24 (end users)
In my network, these ranges are broken down to sub-ranges and assigned VLAN ip address. Other ranges that I have in my network (192.168.x.x) are used by peripheral devices within LAN only and do not need to reach the firewall (neither internet).
So here is the problem I have:
If I point end user machines and servers to corresponding firewall interfaces (assign default gateway accordingly), they can reach each other and have access to internet. But they would not be able to reach peripheral devices in 192.168.x.x range which are pointed to respective VLAN IP address (SVI).
If I point end user machines and servers to respective VLAN IP address, they would reach peripheral devices, but there would be no connection to the internet. So what I need is access to internet for computers with ip address within firewall configured range, but with SVI as the default gateway rather than the firewall interfaces.
My request to add each VLAN to the firewall was rejected because it would cost money.
For a workaround, I wonder whether there is something to do with the switchport connected to the firewall, or it is adding some rules on the firewall I need (like NAT). If it is the latter, then how to make a proper request to the firewall management team.
I would appreciate a suggestion on how to deal with this. Many thanks.
PS: Attaching main switch config file just in case.
Hi,
You can tweak something in the firewall to make this work... you can have the firewall has the gateway for all VLAN's.... you can do NAT exemption in the firewall to reach those pheripheral devices.... and you should have the route from the firewall to reach that and access-list should allow that......
same-security-traffic permit intra interface - to permit access to flow through same interface......
Make sure you are able to reach those pheripheral vlan from ASA 1st... then do setp by step.... acl's, NAT exemption, same-sec., route... route shouwld be pointed to core devices, since that has the direct connectviity from pheripheral devices VLAN...
Regards
Karthik
Similar Messages
-
Firewall reverse routing issue:
Dear Friends,
I am using ASA 5505 with base license and ISP connected directly on the firewall.While L# switch is connected through firewall also.
my configuration is :
ASA Version 7.2(4)
hostname CiscoFirewall03316
domain-name default.domain.invalid
enable password Ko5SCsPM2YQ1wt2G encrypted
passwd Ko5SCsPM2YQ1wt2G encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 10.192.32.11 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 112.23.24.25 255.255.255.248
interface Vlan10
no nameif
security-level 90
ip address 192.168.0.3 255.255.240.0
<--- More --->
interface Vlan50
no nameif
security-level 80
ip address 10.195.32.15 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 50
interface Ethernet0/6
interface Ethernet0/7
<--- More --->
ftp mode passive
clock timezone IST 5 30
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 121.242.190.181
name-server 121.242.190.210
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list in_out extended permit ip any any
access-list out_in extended permit ip any any
access-list out_in extended permit ip any 112.23.24.25 255.255.255.248
access-list cisco_splitTunnelAcl standard permit 0.0.0.0 255.255.255.0
access-list cisco_splitTunnelAcl_1 standard permit any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ciscouser 10.10.10.240-10.10.10.249 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
<--- More --->
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group in_out in interface inside
access-group out_in in interface outside
route inside 192.168.0.0 255.255.240.0 192.168.0.2 1
route outside 0.0.0.0 0.0.0.0 112.23.24.25 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.192.32.0 255.255.255.0 inside
http 112.23.24.0 255.255.255.248 outside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
<--- More --->
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set TRANS_ESP_DES_SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
client-update enable
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
<--- More --->
telnet 10.192.32.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 outside
telnet 112.23.24.0 255.255.255.0 outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server none
vpn-tunnel-protocol l2tp-ipsec
group-policy cisco internal
group-policy cisco attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cisco_splitTunnelAcl_1
username test password tFqxsrS5ErBk4STW encrypted privilege 0
username test attributes
vpn-group-policy cisco
username admin password V5OS2TRb/vQZ7oZ9 encrypted
username ciscouser password 6aU35/UOvPoumpKWCFYSig== nt-encrypted privilege 0
username ciscouser attributes
vpn-group-policy DefaultRAGroup
<--- More --->
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup general-attributes
address-pool ciscouser
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
<--- More --->
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
policy-map type inspect im Google
parameters
match protocol msn-im yahoo-im
drop-connection log
service-policy global_policy global
prompt hostname context
Cryptochecksum:a883391680fa205ee31f05881761958c
: end
Everything is running fine on vlan 1 but vlan 10 is not running from user end.there is no ping from inside of 192.168.0.2
Please advise me.ThanksThere are 2 conflicting configuration:
interface Vlan10
no nameif
security-level 90
ip address 192.168.0.3 255.255.240.0
and "route inside 192.168.0.0 255.255.240.0 192.168.0.2 1"
How do you want to connect VLAN 10? is it on its own interface on the firewall? if it is, then you would need to configure a name for it, via the nameif command, and remove the above route inside
if it is going to be a routed subnet via the inside interface, then the above route needs to be modified as follows:
route inside 192.168.0.0 255.255.240.0 10.192.32.x
--> 10.192.32.x needs to be the next hop which is your L3 switch vlan 1 interface ip
and you would also need to shutdown interface vlan 10 on the ASA and remove the IP Address. -
Routing issue between Cisco device and Virtual machine
Hi Guys,
We have two local subnets in a virtualized environment, subnet 1 has a VM operating as a firewall, we would like all traffic for subnet 2 to go via VM on subnet 1, this will police traffic on subnet 2 and then reroute.
The infrastructure involved comprises,
Internet Edge Switch -> ASA -> Core Switch -> IBM Flex chassis
The Internet edge switch is directly connected between the ISP routers and the Cisco ASA firewall pair (A/S). The ASA is then connected to the Core switch. Connected from the core switch is an IBM Flex chassis, via a port channel (all vlans allowed)
The local subnets in question are as follows:
Vlan 101 (10.1.1.0/24)
Vlan 102 (10.2.1.0/24)
The VM in question has two NIC cards having IP address of both subnets.
NIC 1: 10.1.1.1
NIC 2: 10.2.1.1
We would like packets destined for 10.2.1.1 to land on 10.1.1.1 IP address. At the moment traffic for each vlan routes from the outside to their respective local subnets successfully, what we are having difficulty with is directing traffic for subnet 2 via subnet 1 VM firewall.
At the moment we have tried adding a static route on the core switch but it didn’t work
ip route 10.2.0.0 255.255.255.0 10.1.1.1
I will appreciate if you could share your knowledge and guide me how to achieve this goal.
Thanks in advance :-)Hi,
I think for this to work you need a transit vlan between the VMs and the core switch. So, if you have 2 vlans on the VM (101 and 102) you use the VM switch to route between the vlans and in order to go outside the local vlans you would use the core switch. In this scenario you would not have an SVI (layer-3) interface on the core. The only thing that core will have is the layer-2 vlans (101 and102). You would than need a static route on the core switch to point to the transit vlan on the VM side.
so, for example, if the transit vlan is vlan 110 and the ip is 192.168.1.0/24
on the core you have static routes:
ip route 10.1.1.0/24 192.168.1.2 (VM side)
ip route 10.1.2.0/24 192.168.1.2 (VM side)
You also need an SVI for vlan 110 with ip address 192.168.1.1/24 on the core.
on the VM you need a default route to point to the core (192.168.1.1).
Is this what you are trying to do?
HTH -
Routing issue in Nexus 7009 due to vPC or hsrp
we have two site's, on first site we have two nexus 7009 switches (Nexus A & Nexus B) and other site is remote site having two 6500 switches. (design attached)
we are using hsrp on nexus switches and Active is Nexus A for all vlan’s
From one of my remote site user's (user's are in vlan 30 ) are not able to communicate with nexus site vlan 20 specially if host in vlan 20 take forwarding path from nexus switch B,
I can ping the vlan 20 both physical address's and gateway (vlan 20 configured in both nexus switch and using HSRP) from vlan 30 which configured on remote site 6500 switch
ospf with area 0 is the routing protocol running between both site.
vlan 10 we are using as a management vlan on both nexus switch that building neighbore ship with WAN router, it's means wan router have two neighbors nexus A and nexus B, but nexus B building the neigbhorship via a Nexus A because from WAN router we have single link which is terminated on Nexus A,
there is one layer 2 switch between nexus A and WAN router, nexus A site that switch port in vPC because we are planning to pull second link later to nexus B.
All user's are connected with edge switch and edge switch have a redundant uplink to nexus A and B with vPC configured
After troubleshooting we observe that if user in vlan 20 wants to communicate with vlan 30 (remote site), traffic is taking Nexus B is forwarding path, then gets drops.
I run the tracert from pc its showing route till SVI on Nexus B after that seems packets not finding route. Even vlan 30 routes are available in the routing table of Nexus B. we don’t have any access-list and Firewall between this path.Hi,
I suspect in your scenario that traffic is being dropped due to the characteristics of vPC, the routing table on Nexus-B may reflect the next-hop address for the destination IP, however if that next-hop address is the address of the Nexus-A off of VLAN 20 then it will be forwarded across the vPC peer-link, this breaks the convention.
When you attach a Layer 3 device to a vPC domain, the peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported. If routing protocol adjacencies are needed between vPC peer devices and a generic Layer 3 device, you must use physical routed interfaces for the interconnection.
You can configure VLAN Interfaces for Layer 3 connectivity on the vPC peer devices to link to Layer 3 of the network for such applications as HSRP and PIM. However, Cisco recommend that you configure a separate Layer 3 link for routing from the vPC peer devices, rather than using a VLAN network interface for this purpose.
Take a look at the following URL, this article helps to explain the characteristics of vPC and routing over the peer-link:
http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
Regards
Allan.
Hope you find this is helpful.
Sent from Cisco Technical Support iPad App -
I am having a routing issue with a 3550 switch. I have 5 vlans and I need one of the vlans to access a different router based on destination IP rather than our edge router. I have entered a static route on the 3550 that points to the secondary router whenever a certain network is tried to be accessed. My problem is I can't seem to get the traffic to flow correctly. When I trace route an address on the Internet the path shows as expected, the 3550 then my firewall then my edge router. When I trace an address that is on the other side of the secondary router I get the 3550 as the first hop, then nothing. I can ping the address so I know the path is up. What could be the issue? Thanks in advance.
Hello,
in addition to Mahmood´s post, what do you have defined as the next hop for the default route to the secondary router ? If you use an interface on the 3550 as the next hop, make sure that whatever is connected is in the same subnet, otherwise use the IP address of the next hop. So, let´s say your remote network is 192.168.1.0, and the secondary router is connected to FastEthernet0/1, your default route should look like this if the secondary router is in the same subnet (in this example, the IP address of the secondary router would be 172.16.1.2):
interface FastEthernet0/1
no switchport
ip address 172.16.1.1 255.255.255.252
ip route 192.168.1.0 0.0.0.255 FastEthernet0/0
Otherwise, try:
ip route 192.168.1.0 0.0.0.255 172.16.1.2
where 172.16.1.2 would be the address of the secondary router.
Does that make sense ?
Regards,
GNT -
Multicast routing issues when a subinterface is configured
Strange issue here. Cisco and the vendor are unable to help so far...
Most of our layer 3 lives on core switches. However, we have a couple sites off our WAN connected via Cisco routers. In these offices, we can not get paging to work.
I setup a lab and have finally determined what is at least causing the issue. My lab "branch" has the same problems, but I can resolve the problem by removing the sub-interface off the router.
On my LAN side of the router, with this config, everything works fine.
#--- THIS WORKS ---#
R1#
ip pim rp-address 192.168.251.254
gig 0/0 (connects to SW1 g0/1)
ip address 10.254.253.254 255.255.255.0
ip pim sparse-dense mode
SW1#
gig 0/1 (connects to R1 g0/0)
!no config - default VLAN1
When I apply this config...everything breaks. The phone goes off
#--- THIS DOES NOT WORK ---#
R1#
ip pim rp-address 192.168.251.254
gig 0/0 (connects to SW1 g0/1)
no ip
gig 0/0.777 (connects to SW1 g0/1)
ip address 10.254.253.254 255.255.255.0
ip pim sparse-dense mode
SW1#
gig 0/1 (connects to R1 g0/0)
sw mode trunk
sw trunk encap dot1q
int vlan 777
ip address 10.254.253.1 255.255.255.0
ip pim sparse-dense mode
int vlan 778
ip address 10.254.251.1 255.255.255.0
ip pim sparse-dense mode
gig 0/17 (phone port)
switch access vlan 778 (keeping it simple for now)
I have tried this on 2 different model routers, each with different IOS versions. The same issues follow each router. What is it about the sub interfaces?
Any insight? Calling all multicast experts! Thanks!Hi,
creating sub-interface should not create any difference here. Only difference i can see earlier switch was working in l2 mode now it is participating in multicast routing as SVI is configured and pim neighborship established. Have you configured RP address on SW1. Please share below outputs from both devices
- running config
- show ip mroute <group>
- show ip pim rp address mapping
Regards,
Akash -
Routing Issue with 2 Nics on Windows Server 2008 R2
Good Day
My issue is I needed to set up port forwarding for a web server to communicate with our hotels management server to check availability.
Initially the server has a single Nic configured in the 172.26.1.0 /24 network , Its default gateway the Switch vlan interface 172.26.1.1
We have many vlans for all the systems in the hotel and the server also needs to communicate with 3 other servers on different subnets which it does just fine.
I now added an additional adsl line with a managed router which has an interface of 192.168.10.1 /24 , My servers second NIC has the IP address 192.168.10.2 with its gateway being the 192.168.10.1
This 192.168.10.0 network is in a L2 Vlan and the rest of the network does not know it exists. It was working fine then just stopped asfter i added a static route to the server , which i did with RRas... I did this as the server could not communicate with
just one of the servers..
If i disable the 172.26.1.0 NIC the port forwarding works but then obviously the rest of the network goes down.. I know its a routing issue but am lost
please helpHello,
using multiple default gateways is not a good idea.
See details in http://support.microsoft.com/kb/159168/en-us
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
No airtunes with pppoE due to routing issues?
I just switched to an optical fiber to the home internet connection (which is getting pretty popular here in Japan). Needless to say, the network is very fast, however, I can no longer use airtunes via my airport express network. The airport express stations (both of them) no longer show up in iTunes. My guess is that this is due to a routing issue and the same problem must have been encountered by others before and hopefully solved. The new internet connection uses pppoE to make a connection to the internet service provider. This gives me an internet address of the form 125.197.xx.yy. I still have my airport express set to get an address via dhcp (which the new optical fiber hub provides) and is of the typical private network form 192.168.1.4. When I am connected by pppoE to the internet, my iTunes cannot see my airport express due to routing issues I assume. Is there an elegant solution to this -- can I use my airtunes and the internet at the same time? Would modifying the internet routing help here (I have used this before when I have had multiple interfaces going (e.g. one in a secure local lan and the other supporting an internet connection via ssh to the outside world). Any advise would be much appreciated. I haven't tried asking my airport express to log in via pppoE -- is this the only solution?
Well as I have for my last several posts -- I solved the problem myself. I am pretty sure that the root cause was a routing problem (pretty obvious in fact). By have the airport express base station connect via pppoE itself (I have a remote relay airport express as well) and switching to NAT and DHCP distribution of addresses via the airport express, I can both see my airtunes as well as my ethernet connection. It is a non-ideal solution as I have a fixed IP which would have been convenient to log in from outside to, but I guess I can live with that.
-
VLAN Select with firewall interfaces
We are looking to implement vlan select on a wireless network. This network needs to be terminated behind the firewall. We were looking at putting the layer 3 interfaces on the core, then using a route-map to change the next hop to the common firewall interface. Is there a better way to configure such a setup?
Yup,
There should be no problem with such configuration. I suspect something is misconfigured on switches. Are you sure both ports are trunks and both are configured as single etherchannel in lacp mode on switches?
Because VLANs are configured over bonds - I'd rather suspect LACP misconfiguration not VLANs here. AFAIK you should be having problems without using VLANs too.
Here is my config which just works and there are couple vlans configured over bond0:
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 250
Up Delay (ms): 500
Down Delay (ms): 500
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 4
Actor Key: 17
Partner Key: 40
Partner Mac Address: 02:00:00:00:00:0c
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 5c:f3:fc:da:bb:14
Aggregator ID: 1
Slave queue ID: 0
Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 5c:f3:fc:da:bb:16
Aggregator ID: 1
Slave queue ID: 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:10:18:a5:bb:80
Aggregator ID: 1
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:10:18:a5:bb:82
Aggregator ID: 1
Slave queue ID: 0
Oracle VM documentation states only that mode=6 of bonding is not supported with VLANs, but mode=4 is frequently used with Oracle VM.
Regards,
Michal -
Possible internet routing issues driving me crazy!
I've somehow hit a problem accessing a particular favourite website and it seems I may have a routing issue.
I've spoken with a friend who is fairly network savvy and he's suggested I raise a case \ complaint with BT. I thought I'd use this forum to test if I'm missing something I could be doing to fix it before logging a problem with BT Helpdesk!
I've a BT Homehub 2 (Current firmware 4.7.5.1.83.3.5 (Type B) and I can access pretty much all websites I care to look at without any issue at all, however the site I read most days is now no longer viewable on any of my 2 PC's nor my iPhone. When I try to access it I get no error messages at all just a blank white page.
Doesn't matter if I try using IE or Firefox or Chrome browers it's the same result - I just see a blank white page.
The site in question www.celticquicknews.co.uk (or www.celticquicknews.com) and is definitely available, as I can access it when using a site such as http://www.free-internet-organization.tk/ on both my PC's and iphone so I know the web site is up and running and available for browsing but since Thursday lunchtime I've had no joy in being to access that particular site directly wihout resorting to using another middleman site to let me view it.
I have tweeted the guy who hosts the www.celticquicknews.co.uk site and he's said his site is fine but has numerous similar queries around BTINTERNET folks having the same issue as I'm reporting.
I run McAfee Internet Security and having disabled the various firewall \secure browsing functions no improvement still no joy.
I did successfully somehow connect directy to the illusive web site this morning (Sunday 1st May) on my iphone at around 10am, but by the time I boiled the kettle to have a coffeee and sit and read the site it became inaccessable again on my iphone and both my PC's! So what's going on?
www.celticquicknews.co.uk [217.174.253.143]
www.celticquicknews.com [217.174.253.143]
Homehub TCP\IP info is as below which I suspect is of value to the more techincal on the forum:
Broadband network IP address 109.152.154.29
Default gateway 217.32.142.102
Primary DNS 194.72.0.114
Secondary DNS 62.6.40.162
ADSL line status
Connection Information
Line state Connected
Connection time 0 days, 01:11:16
Downstream 15,978 Kbps
Upstream 1,144 Kbps
ADSL Settings
VPI/VCI 0/38
Type PPPoA
Modulation G.992.5 Annex A
Latency type Interleaved
Noise margin (Down/Up) 5.2 dB / 6.0 dB
Line attenuation (Down/Up) 31.0 dB / 13.8 dB
Output power (Down/Up) 23.6 dBm / 1.7 dBm
C:\>tracert -d 217.174.253.143
Tracing route to 217.174.253.143 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.254
2 15 ms 15 ms 15 ms 217.32.142.102
3 18 ms 17 ms 16 ms 217.32.142.142
4 22 ms 22 ms 21 ms 213.120.163.26
5 22 ms 20 ms 21 ms 217.32.27.30
6 21 ms 21 ms 21 ms 217.32.27.178
7 22 ms 21 ms 21 ms 109.159.250.78
8 33 ms 35 ms 35 ms 109.159.250.13
9 28 ms 28 ms 29 ms 62.172.102.1
10 29 ms 28 ms 28 ms 195.66.224.98
11 33 ms 34 ms 33 ms 88.208.255.61
12 38 ms 32 ms 33 ms 88.208.255.102
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
C:\>
I've reset my HH several times over the weekend and am baffled as to how I can somehow have 1 site excluded from my browsing options for no obvious reason other than a suspected internet routing issue.
My iPhone is on ORANGE and when disabling the wireless connection it too is unable to view the site in question so it's a real pain!
Not sure where to go to progress this so any help \ guidance is very much appreciated.......
Solved!
Go to Solution.Appreciate the help....been out for most of the day and checked in to see if any additional posts.
I tried pinging the site and it does seem to resolve OK and also tried accessing site via IP but same issue - blank white page.
>ping www.celticquicknews.co.uk
Pinging www.celticquicknews.co.uk [217.174.253.143] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Then tried the telnet command "telnet 217.174.253.143 80" and I do not get any errors and as suggested the command prompt goes blank but no matter what I type I get no errors or response from server 217.174.253.143.
My IP address has changed from this morning and sadly still same issue for me.
Internet connection configuration
Connection Information
Connection time
0 days, 10:05:37
Data Transmitted/Received (MB)
10.8 / 29.4
Broadband username
[email protected]
Password
Not configured
TCP/IP settings
Broadband network IP address
86.147.168.198
Default gateway
217.32.142.102
Primary DNS
194.72.0.114
Secondary DNS
62.6.40.162
The tracert comments make sense so that's helped me understand, thanks for checking that out.
So what's the best option for me? Am I wasting BT and my own time logging a case?
I'd not usually bother pursuing this for the sake of a single web site but I'm bemused how this has happened since last week?
Thanks again for all help and guidance.
PJ -
Routing issue- seeing same IPs for two hops
Hello All,
I'm seeing two same IPs in the traceroute output. Is that due to routing issue that nexhop is as the same device for the first time?
Log:
6 10.30.102.26 61.060 ms 10.30.100.142 61.266 ms 10.30.102.26 61.071 ms
7 10.30.102.26 61.139 ms 61.211 ms 10.61.191.2 60.948 ms
Can you guys help me to fix the issue??
Regards,
ThiyaguAre you load balancing anywhere?
6 10.30.102.26 61.060 ms
10.30.100.142 61.266 ms
10.30.102.26 61.071 ms
7 10.30.102.26 61.139 ms 61.211 ms
10.61.191.2 60.948 ms
HTH,
John
*** Please rate all useful posts *** -
I think verizon has a routing issue with Telia.
thought I would share this, Telia has admited an issue on their network
Twitter / Telia_service: @Ungvall routing problem? This ...
https://twitter.com/Telia_service/status/179661595276881921
Cached
Similar
Share
View shared post
BTW Apparently @Telia_service had routing problems on both the latest iOS and ... DNS problem and we are working with Akamai for a sollution to this problem -
how to configure one dsl connection and one public ip in cisco router and map to one interface for using exchange server
Hi ,
Have you got any additional public IP Address from your service provider , If yes on router you can have static route for those additional IP Address pointing to your ASA outside interface .
Accordingly you can configure NAT
HTH
Sandy . -
Audio tracks playing different audio tracks - routing issue?
I'm having trouble with some routing issues I believe. Here's the deal:
Some audio tracks are playing different audio tracks, when that region is not even in it. For instance:
Track #2 is Soloed. Output is Output 1-2. I hear the audio file that is in Track #1, which is NOT Soloed and I shouldn't even hear. I don't hear anything from Track #2. The only way I can hear Track #2 is by playing it from the audio bin, which obviously isn't going to work out right.
If I drag the audio region of Track #2 to a brand new audio track, I still don't hear anything. Is it possible this audio file(s) got corrupted somehow?
Please help!Chris Joye wrote:
I'm having trouble with some routing issues I believe. Here's the deal:
Some audio tracks are playing different audio tracks, when that region is not even in it. For instance:
Track #2 is Soloed. Output is Output 1-2. I hear the audio file that is in Track #1, which is NOT Soloed and I shouldn't even hear. I don't hear anything from Track #2. The only way I can hear Track #2 is by playing it from the audio bin, which obviously isn't going to work out right.
If I drag the audio region of Track #2 to a brand new audio track, I still don't hear anything. Is it possible this audio file(s) got corrupted somehow?
Please help!
Check the parameters, in the left side of the arrange page window.
To me, it sounds as if you have a bunch of arrange tracks, which are all playing back through audio track #1.
Cheers -
Routing of messages to different interfaces via HTTP using one single URL.
Hi all,
I'm working on an inbound scenario. Messages are coming to SAP via HTTP adapter and i'm using a unique URL of every interface. But what is required is one single URL for all interfaces without any dropbox in PI, i.e. all messages will be pushed to one URL and i have to route them to their respective interfaces, there is no storage involved in PI box.Shamit2903 wrote:
Hi all,
>
> I'm working on an inbound scenario. Messages are coming to SAP via HTTP adapter and i'm using a unique URL of every interface. But what is required is one single URL for all interfaces without any dropbox in PI, i.e. all messages will be pushed to one URL and i have to route them to their respective interfaces, there is no storage involved in PI box.
logically this is not a possibility.
But in case you are looking at a generic interface then you will have to handle this using;
1. a generic Data type to accommodate all required structures
2. use conditional routing in configuration to execute further transformations.
I wouldnt recommend this though.
Maybe you are looking for
-
Not able to select value in MSC1N
Hello All, I am trying to create the batch using MSC1N. I am not able to select the characteristics values for few characteristcs. I am using selected sets and code groups for those characterisctis. For others it is working properly. I am getting the
-
Setup could not detect any Sound Blaster Audigy card on your system
Hi from Barcelona! I've a Soun Blaster Audigy card (Model: SB0090) I tried to install the Audigy software and drivers from the original product CD but Setup was unable to find Augigy hardware and halted the installation! "Setup could not detect any S
-
IPhone 4 not fully charging.
No matter how long I charge my iPhone, it won't fully charge. I charge it every night while I sleep, for at least 8 hours. Whenever I look at it in the morning, it varies how much it has charged by the morning. Sometimes it will charge to 95% and oth
-
How to publish .exe on to web
Hi, Regards, Sowmya
-
QuickTime player won't close and won't allow me to shutdown
I Have a MacBook Pro 11,1 - 2.6 GHz i5...IOS 10.9.5...8 GB memory...1600 MHz DDR3. My QuickTime v.10.3 won't shutdown and won't allow me to shutdown my MacBook pro.